Third party app developers can read users’ messages on Gmail

July 4, 2018

Google has warned Gmail users to stay vigilant and to review privacy policies of third party apps before subscribing to such apps as they can read user messages in real time.

Following the publication of some reports that claimed Google reads Gmail messages of users, Google published a blog post recently in which it stated that it never reads users' emails except when a user authorises the company to do so or in cases where it needs to investigate a bug or abuse.

"We make it possible for applications from other developers to integrate with Gmail—like email clients, trip planners and customer relationship management (CRM) systems—so that you have options around how you access and use your email," Google said.

"Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.

"Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data. We strongly encourage you to review the permissions screen before granting access to any non-Google application," it added.

The company added that not only can a Gmail user view and control permissions within myaccount.google.com under “Apps with account access”, but can also take advantage of Security Checkup to view all non-Google apps that have access to data and to revoke previously-granted permissions to apps that are flagged as potentially risky.

"We do not process email content to serve ads, and we are not compensated by developers for API access. Gmail’s primary business model is to sell our paid email service to organizations as a part of G Suite. We do show ads in consumer Gmail, but those ads are not based on the content of your emails," it added.

Third-party access to emails an open secret

Commenting on the revelation that non-Google apps on Gmail can read users' emails, Evgeny Chereshnev, CEO and founder of Biolink.Tech, told TEISS that when a user connects through third-party email applications, the application has access to all content because, technically, your connection to the email application is via the mail server where all emails are stored. So, it’s true that all third-party email applications have access to your Gmail accounts, if you connected them.

"This type of access is going to going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to those applications – often without even thinking about it. These applications gain access to users’ contacts, information about the user of the phone as well as things like GPS location, so this needs to be taken very seriously.

"Now that GDPR is in force, a lot of effort needs to be taken to create awareness around cybersecurity and privacy among the general population, not just security specialists," he added.

About The Author

Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.

Basildon Council in Essex has been fined £150,000 by the Information Commissioner's Office for disclosing sensitive personal information in a planning application. The disclosure of sensitive personal information took place …